diff options
author | he <he@pkgsrc.org> | 2007-08-02 17:27:30 +0000 |
---|---|---|
committer | he <he@pkgsrc.org> | 2007-08-02 17:27:30 +0000 |
commit | b2b94c0b3bcff84bb2036781ffa346c7d51b800c (patch) | |
tree | 9f9e3f8fcf70f03fe6ef01c6561137cb96313fbe /security | |
parent | 8df3417a97ed598f298a8c38f68156e585ddfde8 (diff) | |
download | pkgsrc-b2b94c0b3bcff84bb2036781ffa346c7d51b800c.tar.gz |
Import a package for DenyHosts version 2.6, ref.
http://denyhosts.sourceforge.net/
DenyHosts is a script intended to be run by system administrators
to help thwart SSH server attacks (also known as dictionary based
attacks and brute force attacks).
In short, it does this by monitoring your syslog output for failed
login attempts and tweaking /etc/hosts.deny accordingly, and it can
optionally send and fetch lists of ssh probers from a central server.
Thanks to joerg@ for review and corrections.
Diffstat (limited to 'security')
-rw-r--r-- | security/py-denyhosts/DESCR | 7 | ||||
-rw-r--r-- | security/py-denyhosts/Makefile | 38 | ||||
-rw-r--r-- | security/py-denyhosts/PLIST | 82 | ||||
-rw-r--r-- | security/py-denyhosts/distinfo | 10 | ||||
-rw-r--r-- | security/py-denyhosts/files/denyhosts.sh | 35 | ||||
-rw-r--r-- | security/py-denyhosts/patches/patch-aa | 43 | ||||
-rw-r--r-- | security/py-denyhosts/patches/patch-ab | 13 | ||||
-rw-r--r-- | security/py-denyhosts/patches/patch-ac | 15 | ||||
-rw-r--r-- | security/py-denyhosts/patches/patch-ad | 10 | ||||
-rw-r--r-- | security/py-denyhosts/patches/patch-ae | 10 |
10 files changed, 263 insertions, 0 deletions
diff --git a/security/py-denyhosts/DESCR b/security/py-denyhosts/DESCR new file mode 100644 index 00000000000..9ba94dc7f73 --- /dev/null +++ b/security/py-denyhosts/DESCR @@ -0,0 +1,7 @@ +DenyHosts is a script intended to be run by system administrators +to help thwart SSH server attacks (also known as dictionary based +attacks and brute force attacks). + +In short, it does this by monitoring your syslog output for failed +login attempts and tweaking /etc/hosts.deny accordingly, and it can +optionally send and fetch lists of ssh probers from a central server. diff --git a/security/py-denyhosts/Makefile b/security/py-denyhosts/Makefile new file mode 100644 index 00000000000..b7bca62332b --- /dev/null +++ b/security/py-denyhosts/Makefile @@ -0,0 +1,38 @@ +# $NetBSD: Makefile,v 1.1.1.1 2007/08/02 17:27:30 he Exp $ +# + +VER= 2.6 +DISTNAME= DenyHosts-${VER} +PKGNAME= ${PYPKGPREFIX}-denyhosts-${VER} +CATEGORIES= sysutils +MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=denyhosts/} + +MAINTAINER= he@NetBSD.org +HOMEPAGE= http://denyhosts.sourceforge.net/ +COMMENT= Watch auth log for invalid ssh login attempts and block hosts + +PKG_DESTDIR_SUPPORT= user-destdir + +PYDISTUTILSPKG= yes +PYTHON_VERSIONS_ACCEPTED= 24 23 + +CONF_FILES+= ${PREFIX}/share/denyhosts/denyhosts.cfg-dist \ + ${PREFIX}/etc/denyhosts.conf + +SUBST_CLASSES+= cf +SUBST_STAGE.cf= post-configure +SUBST_VARS.cf= VARBASE PREFIX VARBASE PKG_SYSCONFDIR PYTHONBIN +SUBST_FILES.cf= setup.py denyhosts.cfg-dist daemon-control-dist + +REPLACE_PYTHON= plugins/test_deny.py +REPLACE_PYTHON+= scripts/restricted_from_invalid.py +REPLACE_PYTHON+= scripts/restricted_from_passwd.py + +RCD_SCRIPTS+= denyhosts + +post-configure: + ${RM} ${WRKDIR}/${DISTNAME}/scripts/*.orig + +.include "../../lang/python/extension.mk" +.include "../../lang/python/application.mk" +.include "../../mk/bsd.pkg.mk" diff --git a/security/py-denyhosts/PLIST b/security/py-denyhosts/PLIST new file mode 100644 index 00000000000..3a2e54d69e1 --- /dev/null +++ b/security/py-denyhosts/PLIST @@ -0,0 +1,82 @@ +@comment $NetBSD: PLIST,v 1.1.1.1 2007/08/02 17:27:30 he Exp $ +bin/denyhosts.py +${PYSITELIB}/DenyHosts/__init__.py +${PYSITELIB}/DenyHosts/__init__.pyc +${PYSITELIB}/DenyHosts/__init__.pyo +${PYSITELIB}/DenyHosts/allowedhosts.py +${PYSITELIB}/DenyHosts/allowedhosts.pyc +${PYSITELIB}/DenyHosts/allowedhosts.pyo +${PYSITELIB}/DenyHosts/constants.py +${PYSITELIB}/DenyHosts/constants.pyc +${PYSITELIB}/DenyHosts/constants.pyo +${PYSITELIB}/DenyHosts/counter.py +${PYSITELIB}/DenyHosts/counter.pyc +${PYSITELIB}/DenyHosts/counter.pyo +${PYSITELIB}/DenyHosts/daemon.py +${PYSITELIB}/DenyHosts/daemon.pyc +${PYSITELIB}/DenyHosts/daemon.pyo +${PYSITELIB}/DenyHosts/deny_hosts.py +${PYSITELIB}/DenyHosts/deny_hosts.pyc +${PYSITELIB}/DenyHosts/deny_hosts.pyo +${PYSITELIB}/DenyHosts/denyfileutil.py +${PYSITELIB}/DenyHosts/denyfileutil.pyc +${PYSITELIB}/DenyHosts/denyfileutil.pyo +${PYSITELIB}/DenyHosts/filetracker.py +${PYSITELIB}/DenyHosts/filetracker.pyc +${PYSITELIB}/DenyHosts/filetracker.pyo +${PYSITELIB}/DenyHosts/lockfile.py +${PYSITELIB}/DenyHosts/lockfile.pyc +${PYSITELIB}/DenyHosts/lockfile.pyo +${PYSITELIB}/DenyHosts/loginattempt.py +${PYSITELIB}/DenyHosts/loginattempt.pyc +${PYSITELIB}/DenyHosts/loginattempt.pyo +${PYSITELIB}/DenyHosts/old-daemon.py +${PYSITELIB}/DenyHosts/old-daemon.pyc +${PYSITELIB}/DenyHosts/old-daemon.pyo +${PYSITELIB}/DenyHosts/plugin.py +${PYSITELIB}/DenyHosts/plugin.pyc +${PYSITELIB}/DenyHosts/plugin.pyo +${PYSITELIB}/DenyHosts/prefs.py +${PYSITELIB}/DenyHosts/prefs.pyc +${PYSITELIB}/DenyHosts/prefs.pyo +${PYSITELIB}/DenyHosts/purgecounter.py +${PYSITELIB}/DenyHosts/purgecounter.pyc +${PYSITELIB}/DenyHosts/purgecounter.pyo +${PYSITELIB}/DenyHosts/python_version.py +${PYSITELIB}/DenyHosts/python_version.pyc +${PYSITELIB}/DenyHosts/python_version.pyo +${PYSITELIB}/DenyHosts/regex.py +${PYSITELIB}/DenyHosts/regex.pyc +${PYSITELIB}/DenyHosts/regex.pyo +${PYSITELIB}/DenyHosts/report.py +${PYSITELIB}/DenyHosts/report.pyc +${PYSITELIB}/DenyHosts/report.pyo +${PYSITELIB}/DenyHosts/restricted.py +${PYSITELIB}/DenyHosts/restricted.pyc +${PYSITELIB}/DenyHosts/restricted.pyo +${PYSITELIB}/DenyHosts/sync.py +${PYSITELIB}/DenyHosts/sync.pyc +${PYSITELIB}/DenyHosts/sync.pyo +${PYSITELIB}/DenyHosts/util.py +${PYSITELIB}/DenyHosts/util.pyc +${PYSITELIB}/DenyHosts/util.pyo +${PYSITELIB}/DenyHosts/version.py +${PYSITELIB}/DenyHosts/version.pyc +${PYSITELIB}/DenyHosts/version.pyo +share/denyhosts/CHANGELOG.txt +share/denyhosts/LICENSE.txt +share/denyhosts/README.txt +share/denyhosts/daemon-control-dist +share/denyhosts/denyhosts.cfg-dist +share/denyhosts/plugins/README.contrib +share/denyhosts/plugins/shorewall_allow.sh +share/denyhosts/plugins/shorewall_deny.sh +share/denyhosts/plugins/test_deny.py +share/denyhosts/scripts/restricted_from_invalid.py +share/denyhosts/scripts/restricted_from_passwd.py +share/denyhosts/setup.py +share/examples/rc.d/denyhosts +@dirrm share/denyhosts/scripts +@dirrm share/denyhosts/plugins +@dirrm share/denyhosts +@dirrm ${PYSITELIB}/DenyHosts diff --git a/security/py-denyhosts/distinfo b/security/py-denyhosts/distinfo new file mode 100644 index 00000000000..79064c0806d --- /dev/null +++ b/security/py-denyhosts/distinfo @@ -0,0 +1,10 @@ +$NetBSD: distinfo,v 1.1.1.1 2007/08/02 17:27:30 he Exp $ + +SHA1 (DenyHosts-2.6.tar.gz) = 02143843cb7c37c986c222b7acc11f7b75eb7373 +RMD160 (DenyHosts-2.6.tar.gz) = cab4206af992f5405ed1c9b302341c7b5649c71a +Size (DenyHosts-2.6.tar.gz) = 42667 bytes +SHA1 (patch-aa) = 4bbb07f5918330a8dd828e8cfdf5bad3c4f50893 +SHA1 (patch-ab) = 3bb578421dc776cd42e769978d09872bc79098e8 +SHA1 (patch-ac) = 1b67c4da46c3205a3045a114863771290a74ba43 +SHA1 (patch-ad) = 744c65a2f4bec4c5553ba6c15f9ff0b45932e6fb +SHA1 (patch-ae) = 16f53356508632a8e9f7e905e399614011f7b038 diff --git a/security/py-denyhosts/files/denyhosts.sh b/security/py-denyhosts/files/denyhosts.sh new file mode 100644 index 00000000000..4b686c14fea --- /dev/null +++ b/security/py-denyhosts/files/denyhosts.sh @@ -0,0 +1,35 @@ +#!/bin/sh +# +# $NetBSD: denyhosts.sh,v 1.1.1.1 2007/08/02 17:27:30 he Exp $ +# +# PROVIDE: denyhosts +# REQUIRE: DAEMON +# +# You will need to set some variables in /etc/rc.conf to start denyhosts: +# +# denyhosts=YES + +if [ -f /etc/rc.subr ] +then + . /etc/rc.subr +fi + +name="denyhosts" +rcvar=$name +command=@PREFIX@/bin/denyhosts.py +command_interpreter=@PYTHONBIN@ +command_args="--config @PKG_SYSCONFDIR@/denyhosts.conf --daemon" +pidfile=@VARBASE@/run/denyhosts.pid +required_files=@PKG_SYSCONFDIR@/denyhosts.conf + +if [ ! -f /etc/hosts.deny ]; then + touch /etc/hosts.deny +fi + +if [ -f /etc/rc.subr ]; then + load_rc_config $name + run_rc_command "$1" +else + echo -n " ${name}" + exec ${command} ${command_args} +fi diff --git a/security/py-denyhosts/patches/patch-aa b/security/py-denyhosts/patches/patch-aa new file mode 100644 index 00000000000..6cb66d23d26 --- /dev/null +++ b/security/py-denyhosts/patches/patch-aa @@ -0,0 +1,43 @@ +$NetBSD: patch-aa,v 1.1.1.1 2007/08/02 17:27:30 he Exp $ + +--- denyhosts.cfg-dist.orig 2006-08-20 16:09:57.000000000 +0200 ++++ denyhosts.cfg-dist +@@ -9,11 +9,14 @@ + # argument + # + # Redhat or Fedora Core: +-SECURE_LOG = /var/log/secure ++#SECURE_LOG = /var/log/secure + # + # Mandrake, FreeBSD or OpenBSD: + #SECURE_LOG = /var/log/auth.log + # ++# NetBSD: ++SECURE_LOG = @VARBASE@/log/authlog ++# + # SuSE: + #SECURE_LOG = /var/log/messages + # +@@ -150,7 +153,7 @@ DENY_THRESHOLD_RESTRICTED = 1 + # Note: it is recommended that you use an absolute pathname + # for this value (eg. /home/foo/denyhosts/data) + # +-WORK_DIR = /usr/share/denyhosts/data ++WORK_DIR = @VARBASE@/db/denyhosts/data + # + ####################################################################### + +@@ -192,10 +195,10 @@ HOSTNAME_LOOKUP=YES + # running at a time. + # + # Redhat/Fedora: +-LOCK_FILE = /var/lock/subsys/denyhosts ++#LOCK_FILE = /var/lock/subsys/denyhosts + # +-# Debian +-#LOCK_FILE = /var/run/denyhosts.pid ++# Debian & NetBSD ++LOCK_FILE = @VARBASE@/run/denyhosts.pid + # + # Misc + #LOCK_FILE = /tmp/denyhosts.lock diff --git a/security/py-denyhosts/patches/patch-ab b/security/py-denyhosts/patches/patch-ab new file mode 100644 index 00000000000..006562d5d8f --- /dev/null +++ b/security/py-denyhosts/patches/patch-ab @@ -0,0 +1,13 @@ +$NetBSD: patch-ab,v 1.1.1.1 2007/08/02 17:27:30 he Exp $ + +--- setup.py.orig 2006-04-05 01:53:02.000000000 +0200 ++++ setup.py +@@ -8,7 +8,7 @@ import sys + from glob import glob + + +-libpath = "/usr/share/denyhosts" ++libpath = "@PREFIX@/share/denyhosts" + scriptspath = "%s/scripts" % libpath + pluginspath = "%s/plugins" % libpath + diff --git a/security/py-denyhosts/patches/patch-ac b/security/py-denyhosts/patches/patch-ac new file mode 100644 index 00000000000..edcd3020a14 --- /dev/null +++ b/security/py-denyhosts/patches/patch-ac @@ -0,0 +1,15 @@ +$NetBSD: patch-ac,v 1.1.1.1 2007/08/02 17:27:30 he Exp $ + +--- daemon-control-dist.orig 2006-04-22 01:04:43.000000000 +0200 ++++ daemon-control-dist +@@ -11,7 +11,7 @@ + #### Edit these to suit your configuration #### + ############################################### + +-DENYHOSTS_BIN = "/usr/bin/denyhosts.py" ++DENYHOSTS_BIN = "@PREFIX@/bin/denyhosts.py" +-DENYHOSTS_LOCK = "/var/lock/subsys/denyhosts" ++DENYHOSTS_LOCK = "@VARBASE@/db/denyhosts/lock" +-DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg" ++DENYHOSTS_CFG = "@PREFIX@/etc/denyhosts.cfg" + diff --git a/security/py-denyhosts/patches/patch-ad b/security/py-denyhosts/patches/patch-ad new file mode 100644 index 00000000000..fc0f09f5ddd --- /dev/null +++ b/security/py-denyhosts/patches/patch-ad @@ -0,0 +1,10 @@ +$NetBSD: patch-ad,v 1.1.1.1 2007/08/02 17:27:30 he Exp $ + +--- scripts/restricted_from_invalid.py.orig 2007-08-02 16:44:26.000000000 +0200 ++++ scripts/restricted_from_invalid.py +@@ -1,4 +1,4 @@ +-#!/bin/env python ++#!/usr/bin/env python + import os, sys + + def usage(): diff --git a/security/py-denyhosts/patches/patch-ae b/security/py-denyhosts/patches/patch-ae new file mode 100644 index 00000000000..f1e924f081d --- /dev/null +++ b/security/py-denyhosts/patches/patch-ae @@ -0,0 +1,10 @@ +$NetBSD: patch-ae,v 1.1.1.1 2007/08/02 17:27:30 he Exp $ + +--- scripts/restricted_from_passwd.py.orig 2007-08-02 16:44:30.000000000 +0200 ++++ scripts/restricted_from_passwd.py +@@ -1,4 +1,4 @@ +-#!/bin/env python ++#!/usr/bin/env python + # + ############################################################################ + # this script will read the /etc/passwd file and extract usernames |